Mesos / MESOS-9349

Prevent ptracing of container management processes.


    Details

    • Type: Improvement
    • Status: Reviewable
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: containerization, security
    • Labels: None
    • Target Version/s:

      Description

      The container launcher and the built-in executors are (at least partially) accessible to containerized user tasks. Since these processes may contain secrets or hold privileged resources, we can increase the difficulty of attacking them by preventing user tasks from attaching to them with ptrace(2). This amounts to calling `prctl(PR_SET_DUMPABLE, 0)`.
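      The following is an added example, not Mesos code, showing what the proposed `prctl(PR_SET_DUMPABLE, 0)` call does and how to check that it took effect. It assumes Linux with glibc. The function names (`deny_ptrace_attach`, `is_dumpable`, `harden_and_verify`, `probe_attach`) are hypothetical; `probe_attach` forks a same-uid child, sets the child's dumpable flag to the requested value, and then tries to `PTRACE_ATTACH` to it from the parent, which is the position a user task would be in relative to an executor running as the same user.

```c
// Added example (not Mesos code): make a process non-dumpable so that
// unprivileged same-uid peers cannot PTRACE_ATTACH to it, and probe the
// effect from a forked child. Linux-only; function names are hypothetical.
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark the calling process non-dumpable. Returns 0 on success, -1 with errno
 * set on failure. execve() of an ordinary binary resets the flag to 1, so a
 * launcher must call this again in every process it wants protected. */
int deny_ptrace_attach(void)
{
    return prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
}

/* Read the flag back: 1 = dumpable (attachable by same-uid peers),
 * 0 = non-dumpable. Negative on error. */
int is_dumpable(void)
{
    return prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
}

/* Set the flag and confirm the kernel accepted it. Returns 0 when the
 * process ended up non-dumpable, -1 otherwise. */
int harden_and_verify(void)
{
    if (deny_ptrace_attach() != 0)
        return -1;
    return is_dumpable() == 0 ? 0 : -1;
}

/* Fork a child whose dumpable flag is set explicitly to 0 (make_nondumpable)
 * or 1 (control), then try to PTRACE_ATTACH to it from the parent. Returns 0
 * if the attach succeeded, the errno of the failed attach (EPERM expected for
 * a non-dumpable child when the caller lacks CAP_SYS_PTRACE), or -1 on a
 * setup error. The child is always killed and reaped before returning. */
int probe_attach(int make_nondumpable)
{
    int ready[2];
    if (pipe(ready) != 0)
        return -1;

    pid_t child = fork();
    if (child < 0)
        return -1;

    if (child == 0) {
        close(ready[0]);
        /* Set the flag explicitly so the parent's own state does not matter. */
        if (prctl(PR_SET_DUMPABLE, make_nondumpable ? 0 : 1, 0, 0, 0) != 0)
            _exit(2);
        if (write(ready[1], "x", 1) != 1)   /* signal "flag is set" */
            _exit(3);
        close(ready[1]);
        for (;;)
            pause();                          /* wait to be killed */
    }

    close(ready[1]);
    char buf;
    int got = (int)read(ready[0], &buf, 1);
    close(ready[0]);
    if (got != 1) {
        kill(child, SIGKILL);
        waitpid(child, NULL, 0);
        return -1;
    }

    int result;
    if (ptrace(PTRACE_ATTACH, child, NULL, NULL) == 0) {
        waitpid(child, NULL, 0);              /* consume the attach SIGSTOP */
        ptrace(PTRACE_DETACH, child, NULL, NULL);
        result = 0;
    } else {
        result = errno;
    }

    kill(child, SIGKILL);
    waitpid(child, NULL, 0);
    return result;
}

int main(void)
{
    int d = probe_attach(0);
    int nd = probe_attach(1);
    printf("attach to dumpable child:     %s\n",
           d == 0 ? "allowed" : strerror(d));
    printf("attach to non-dumpable child: %s\n",
           nd == 0 ? "allowed (caller holds CAP_SYS_PTRACE)" : strerror(nd));

    if (harden_and_verify() != 0) {
        perror("prctl(PR_SET_DUMPABLE)");
        return 1;
    }
    printf("this process is now dumpable=%d\n", is_dumpable());
    return 0;
}
```

      Two caveats a practitioner would want to keep in mind. First, the flag is per process and is reset to 1 on `execve()` of an ordinary binary (and to the value of `/proc/sys/fs/suid_dumpable` for set-uid, set-gid or file-capability binaries), so the launcher has to set it in each process it spawns, not just once. Second, it only stops callers that fail the kernel's ptrace access check; a process holding `CAP_SYS_PTRACE` in the target's user namespace can still attach, and Yama's `kernel.yama.ptrace_scope` applies on top of it independently. A side effect worth noting is that a non-dumpable process produces no core dump and its `/proc/PID/` entries such as `mem`, `maps` and `environ` become root-owned, which also closes the `/proc` route to the same secrets.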


            People

            • Assignee: James Peach (jamespeach)
            • Reporter: James Peach (jamespeach)
            • Votes: 0
            • Watchers: 3
